Michael Reynolds in General on Tuesday, July 2, 2013
Doing business in the age of cloud computing and digital communications is awesome. We have tools that allow us to reduce or eliminate paper clutter, collaborate more effectively, and get more done than ever before.
However, with great convenience comes great peril (er... or something). All these tools and communication methods also open up new ways for our security to be compromised. Email accounts, social media accounts, and other online profiles are hacked every day.
For a chilling example of this, go read Matt Honan's description of his experience with a hacker who wiped out his entire digital life. Seriously, read the entire thing. It will freak you out.
Most of these intrusions are preventable. By using strong passwords and a little common sense, you can keep your data relatively safe.
One of the best ways to add a layer of security to your accounts is to take advantage of 2-step verification.
2-step verification is available from many leading email providers and social networks. This tutorial will guide you through how to set it up with Google Apps (or Gmail), Facebook, and Twitter.
Email (via Google Apps or Gmail)
Let's start with Google Apps. You are using Google Apps in your business, right? Note that these instructions apply to both Google Apps (for business) and standard Gmail (for personal use).
Note to Google Apps administrators: before your users can enable 2-step authentication, you will need to enable it in "Manage this Domain -> Settings -> Security." Once you've done that, your organization is ready for 2-step verification and your users can follow the instructions below. Here they are...
The first step is to log into your account and go to your settings, found under the gear icon.
This will bring you to your settings screen. Choose the "Accounts" tab and then click on "Google Account Settings" to go to your account settings.
You will now be taken to a screen where you can manage settings for your Google Account (which controls more than just your email). Look in the lower right and click on "Manage security" under the Password section.
Now look under the section that says "Recovery options" and edit this section. You'll want to add a recovery email address and your cell phone number to this section.
Next, under "Notifications," you'll want to verify your cell phone number and have it send you a text message as a test.
I would also recommend setting your account to notify you by phone (text message) of any suspicious activity.
Now, go to the 2-step verification section and edit this. By default, it is set to OFF.
Set it to ON and you're all set. You have now activated 2-step verification. Whew! That wasn't so bad, was it?
You will also be given a link to set up application-specific passwords, like your iPhone, iPad, or desktop mail applications. Go through this step to create passwords for these apps since they cannot handle the 2-step veritication process.
So how does this work? Now, any time you (or anyone) tries to log into your account from an unknown device, a text message will be sent to your phone with a verification code. This code must be entered before you can log in. This means that even if someon gets access to your password, they cannot log in unless they also have access to your phone. Pretty neat, huh? Very secure.
Facebook also allows you to turn on 2-step verification. Start by going to your settings and choosing "Account Settings."
Then go to the "Security" tab to view your security settings. From here, edit "Login Approvals."
Now you will be able to set up 2-step verification with your cell phone. When prompted for my cell phone type, I chose "Other" so it would simply send me a text message rather than make me reply using the Facebook app. This is simply a personal preference but it seemed more straightforward to me.
Now, just like your Google Account, a verification code will be sent to your phone whenever a login is attempted from an unknown device. This code will have to be entered before you can log in.
By now, you're a pro at this so you should have no problem setting up 2-step verification on your Twitter account. Go to your settings and enable it there.
Naturally, you'll need to make sure your cell phone number is on file.
I'm really pleased that Google, Facebook, and Twitter are offering 2-step verification and I hope more online services follow suit. If you're worried about online privacy and security, take a few minutes to secure your accounts.
Bonus: if you're a Google Apps administrator, you can require that all employees in your organization use 2-step verification. This is probably a great move to ensure organization-wide security.
Please share this with everyone you know so that we can help others prevent unnecssary intrusions.